1. Field of the Invention
The present invention relates to communications networks, and more particularly to wireless communications networks.
2. Description of Related Art
Mobile Information Device Profile (MIDP), together with Connected Limited Device Configuration (CLDC), is a portable code runtime environment for resource-constrained devices, such as mobile telephones and personal digital assistants (PDAs). An example of a portable code environment is that known by the trade name Java, developed by Sun Microsystems, Inc. In this runtime environment, the CLDC defines a base set of application programming interfaces and a virtual machine used by the devices, and the MIDP specification defines a platform for dynamically and securely deploying networked applications to the devices. Notably, developers using MIDP can write applications once, and then deploy them to a wide variety of mobile communication devices. Such applications are referred to as MIDlets.
A MIDlet suite is a package of one or more MIDlets and consists of a Java Descriptor (JAD) file, a Java Archive (JAR) file and a manifest describing the contents of the JAR file. The JAD file contains attributes used by application management software to manage life-cycles of the MIDlets, as well as the application-specific attributes the MIDlet suite itself will use. The JAR file contains the Java class files for the MIDlet suite. Metainformation about these class files is included in the manifest.
MIDP increases access to data and services on a device, and thus a level of trust must be established between the application, the device, and the user. In version 2.0 of the MIDP, this level of trust is established using protection domains. A protection domain defines a collection of permissions that can be granted to a MiDlet suite, including access to privileged functionality on a device.
A MIDlet suite can be bound to a protection domain by properly signing the MIDlet suite in accordance with the X.509 Public Key Infrastructure (PKI) security standard. The signature process includes signing the JAR file with a signature created using a signer's private key. Together with the signature, signer certificates containing the signer's public key then are added as attributes to the JAD file. Finally, root certificates are distributed to devices on which the MiDlets will be executed to establish a basis of trust for MIDlets signed in accordance with the PKI security standard. A root certificate is an unsigned or self-signed X.509 public key certificate. A root certificate typically includes a signature from a certificate authority which confirms its authenticity.
When a MIDlet suite is downloaded to a device, the signature and signer certificates of the MIDlet suite are authenticated against the root certificates stored on the device. If the signature and signer certificates match a root certificate associated with a particular protection domain, the MIDlet suite will be bound to the protection domain and granted permissions defined therein. If the signature or signer certificates do not match a root certificate stored on the device, the MIDlet suite is assigned an untrusted status. Thus, the MIDlet suite will be denied access to privileged functionality on the device.
A carrier signed Java application will be trusted on all mobile communication devices having the appropriate root certificate. However, different carriers oftentimes use mobile communication devices having the same root certificates. In consequence, Java applications sometimes will be provided access to privileged functionality on devices for which the Java applications are not intended. Importantly, a particular carrier may not want its Java applications to be provided to devices which subscribe to another carrier. For example, carriers often provide games intended for their subscribers which can be downloaded over the Internet and transferred to a mobile communication device using a personal computer. A carrier probably would not want such games to be available to devices subscribing to another carrier. Similarly, if a mobile communication device subscribing to a first carrier is in roam mode and temporarily using a second carrier, that carrier may automatically download an application intended for the second carrier's subscribers, but which is of no use to the device. A user of the device probably would not want to tie up resources, which are already limited, with such an application.